archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/public/internal/ds/inc/secedit.h

1114 lines
29 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 1996 Microsoft Corporation
  5. Module Name:
  7. secedit.h
  9. Abstract:
  11. This module defines the exported data structures and function prototypes
  12. for the security managment utility
  14. Author:
  16. Jin Huang (jinhuang) 28-Oct-1996
  18. Revision History:
  20. --*/
  22. #ifndef _secedit_
  23. #define _secedit_
  25. #ifdef __cplusplus
  26. extern "C"{
  27. #endif
  29. //
  30. // definition for areas
  31. //
  32. #ifndef SCE_AREA_DEFINED
  33. #define SCE_AREA_DEFINED
  34. typedef DWORD AREA_INFORMATION;
  36. #define AREA_SECURITY_POLICY 0x0001L
  37. #define AREA_USER_SETTINGS 0x0002L
  38. #define AREA_GROUP_MEMBERSHIP 0x0004L
  39. #define AREA_PRIVILEGES 0x0008L
  40. #define AREA_DS_OBJECTS 0x0010L
  41. #define AREA_REGISTRY_SECURITY 0x0020L
  42. #define AREA_FILE_SECURITY 0x0040L
  43. #define AREA_SYSTEM_SERVICE 0x0080L
  44. #define AREA_ATTACHMENTS 0x8000L
  45. #define AREA_ALL 0xFFFFL
  47. #endif
  48. //
  49. // Other constants
  50. //
  51. #define AREA_PASSWORD_POLICY 0x0100L
  52. #define AREA_LOCKOUT_POLICY 0x0200L
  53. #define AREA_KERBEROS_POLICY 0x0400L
  54. #define AREA_ACCOUNT_POLICY (AREA_PASSWORD_POLICY | \
  55. AREA_LOCKOUT_POLICY | \
  56. AREA_KERBEROS_POLICY)
  58. #define AREA_AUDIT_POLICY 0x0800L
  59. #define AREA_SECURITY_OPTIONS 0x1000L
  60. #define AREA_LOCAL_POLICY (AREA_AUDIT_POLICY |\
  61. AREA_PRIVILEGES |\
  62. AREA_SECURITY_OPTIONS)
  64. #define AREA_LOG_POLICY 0x2000L
  67. #define SCE_STATUS_CHECK 0
  68. #define SCE_STATUS_IGNORE 1
  69. #define SCE_STATUS_OVERWRITE 2
  70. #define SCE_STATUS_NO_AUTO_INHERIT 4
  72. #define SCE_STATUS_IN 0
  73. #define SCE_STATUS_NOT_IN 1
  75. #define SCE_STATUS_NO_ACL_SUPPORT 3
  77. #define SCE_STATUS_GOOD 0
  78. #define SCE_STATUS_MISMATCH 1
  79. #define SCE_STATUS_CHILDREN_CONFIGURED 2
  80. #define SCE_STATUS_NOT_CONFIGURED 4
  81. #define SCE_STATUS_ERROR_NOT_AVAILABLE 5
  82. #define SCE_STATUS_NEW_SERVICE 6
  83. #define SCE_STATUS_NOT_ANALYZED 7
  85. #define SCE_STATUS_PERMISSION_MISMATCH 0x40
  86. #define SCE_STATUS_AUDIT_MISMATCH 0x80
  88. #define SCE_SETUP_32KEY 0x2000L
  89. #ifndef _WIN64
  90. #define SCE_SETUP_64KEY 0x4000L
  91. #endif // _WIN64
  93. typedef enum _SCE_TYPE {
  95. SCE_ENGINE_SYSTEM=300,
  96. SCE_ENGINE_GPO,
  97. SCE_ENGINE_SCP, // effective table
  98. SCE_ENGINE_SAP, // analysis table
  99. SCE_ENGINE_SCP_INTERNAL,
  100. SCE_ENGINE_SMP_INTERNAL,
  101. SCE_ENGINE_SMP, // local table
  102. SCE_STRUCT_INF,
  103. SCE_STRUCT_PROFILE,
  104. SCE_STRUCT_USER,
  105. SCE_STRUCT_NAME_LIST,
  106. SCE_STRUCT_NAME_STATUS_LIST,
  107. SCE_STRUCT_PRIVILEGE,
  108. SCE_STRUCT_GROUP,
  109. SCE_STRUCT_OBJECT_LIST,
  110. SCE_STRUCT_OBJECT_CHILDREN,
  111. SCE_STRUCT_OBJECT_SECURITY,
  112. SCE_STRUCT_OBJECT_ARRAY,
  113. SCE_STRUCT_ERROR_LOG_INFO,
  114. SCE_STRUCT_SERVICES,
  115. SCE_STRUCT_PRIVILEGE_VALUE_LIST,
  116. SCE_ENGINE_RBK
  118. } SCETYPE;
  120. typedef enum _SCE_FORMAT_TYPE_ {
  122. SCE_INF_FORMAT=1,
  123. SCE_JET_FORMAT,
  124. SCE_JET_ANALYSIS_REQUIRED
  126. } SCE_FORMAT_TYPE, *PSCE_FORMAT_TYPE;
  128. static const WCHAR szMembers[] = L"__Members";
  129. static const WCHAR szMemberof[] = L"__Memberof";
  130. static const WCHAR szPrivileges[] = L"__Privileges";
  132. #define SCE_BUF_LEN 1024
  134. #define SCE_FOREVER_VALUE (DWORD)-1
  135. #define SCE_NO_VALUE (DWORD)-2
  136. #define SCE_KERBEROS_OFF_VALUE (DWORD)-3
  137. #define SCE_DELETE_VALUE (DWORD)-4
  138. #define SCE_SNAPSHOT_VALUE (DWORD)-5
  139. #define SCE_NOT_ANALYZED_VALUE (DWORD)-6
  140. #define SCE_ERROR_VALUE (DWORD)-7
  142. #ifndef _SCE_SHARED_HEADER
  143. #define _SCE_SHARED_HEADER
  145. typedef DWORD SCESTATUS;
  147. #define SCESTATUS_SUCCESS 0L
  148. #define SCESTATUS_INVALID_PARAMETER 1L
  149. #define SCESTATUS_RECORD_NOT_FOUND 2L
  150. #define SCESTATUS_INVALID_DATA 3L
  151. #define SCESTATUS_OBJECT_EXIST 4L
  152. #define SCESTATUS_BUFFER_TOO_SMALL 5L
  153. #define SCESTATUS_PROFILE_NOT_FOUND 6L
  154. #define SCESTATUS_BAD_FORMAT 7L
  155. #define SCESTATUS_NOT_ENOUGH_RESOURCE 8L
  156. #define SCESTATUS_ACCESS_DENIED 9L
  157. #define SCESTATUS_CANT_DELETE 10L
  158. #define SCESTATUS_PREFIX_OVERFLOW 11L
  159. #define SCESTATUS_OTHER_ERROR 12L
  160. #define SCESTATUS_ALREADY_RUNNING 13L
  161. #define SCESTATUS_SERVICE_NOT_SUPPORT 14L
  162. #define SCESTATUS_MOD_NOT_FOUND 15L
  163. #define SCESTATUS_EXCEPTION_IN_SERVER 16L
  164. #define SCESTATUS_NO_TEMPLATE_GIVEN 17L
  165. #define SCESTATUS_NO_MAPPING 18L
  166. #define SCESTATUS_TRUST_FAIL 19L
  167. #define SCESTATUS_JET_DATABASE_ERROR 20L
  168. #define SCESTATUS_TIMEOUT 21L
  169. #define SCESTATUS_PENDING_IGNORE 22L
  170. #define SCESTATUS_SPECIAL_ACCOUNT 23L
  172. //
  173. // defined for services
  174. //
  175. typedef struct _SCESVC_CONFIGURATION_LINE_ {
  177. LPTSTR Key;
  178. LPTSTR Value;
  179. DWORD ValueLen; // number of bytes
  181. } SCESVC_CONFIGURATION_LINE, *PSCESVC_CONFIGURATION_LINE;
  183. typedef struct _SCESVC_CONFIGURATION_INFO_ {
  185. DWORD Count;
  186. PSCESVC_CONFIGURATION_LINE Lines;
  188. } SCESVC_CONFIGURATION_INFO, *PSCESVC_CONFIGURATION_INFO;
  190. typedef PVOID SCE_HANDLE;
  191. typedef ULONG SCE_ENUMERATION_CONTEXT, *PSCE_ENUMERATION_CONTEXT;
  193. #define SCESVC_ENUMERATION_MAX 100L
  195. typedef enum _SCESVC_INFO_TYPE {
  197. SceSvcConfigurationInfo,
  198. SceSvcMergedPolicyInfo,
  199. SceSvcAnalysisInfo,
  200. SceSvcInternalUse // !!!do not use this type!!!
  202. } SCESVC_INFO_TYPE;
  204. // root path for SCE key
  205. #define SCE_ROOT_PATH TEXT("Software\\Microsoft\\Windows NT\\CurrentVersion\\SeCEdit")
  207. #define SCE_ROOT_SERVICE_PATH \
  208. SCE_ROOT_PATH TEXT("\\SvcEngs")
  209. #endif
  211. //
  212. // All section names defined in the SCP/SAP profiles.
  213. //
  215. static const WCHAR szDescription[] = L"Profile Description";
  216. static const WCHAR szAttachments[] = L"Attachment Sections";
  217. static const WCHAR szSystemAccess[] = L"System Access";
  218. static const WCHAR szPrivilegeRights[] = L"Privilege Rights";
  219. static const WCHAR szGroupMembership[] = L"Group Membership";
  220. static const WCHAR szAccountProfiles[] = L"Account Profiles";
  221. static const WCHAR szRegistryKeys[] = L"Registry Keys";
  222. static const WCHAR szFileSecurity[] = L"File Security";
  223. static const WCHAR szDSSecurity[] = L"DS Security";
  224. static const WCHAR szAuditSystemLog[] = L"System Log";
  225. static const WCHAR szAuditSecurityLog[] = L"Security Log";
  226. static const WCHAR szAuditApplicationLog[] = L"Application Log";
  227. static const WCHAR szAuditEvent[] = L"Event Audit";
  228. static const WCHAR szUserList[] = L"User List";
  229. static const WCHAR szServiceGeneral[] = L"Service General Setting";
  230. static const WCHAR szKerberosPolicy[] = L"Kerberos Policy";
  231. static const WCHAR szRegistryValues[] = L"Registry Values";
  234. //
  235. // A list of names (e.g., users, groups, machines, and etc)
  236. //
  238. typedef struct _SCE_NAME_LIST {
  239. PWSTR Name;
  240. struct _SCE_NAME_LIST *Next;
  241. }SCE_NAME_LIST, *PSCE_NAME_LIST;
  243. //
  244. // a list of accounts with privileges held
  245. //
  246. typedef struct _SCE_PRIVILEGE_VALUE_LIST {
  247. PWSTR Name;
  248. DWORD PrivLowPart;
  249. DWORD PrivHighPart;
  250. struct _SCE_PRIVILEGE_VALUE_LIST *Next;
  251. }SCE_PRIVILEGE_VALUE_LIST, *PSCE_PRIVILEGE_VALUE_LIST;
  253. //
  254. // structure for error info
  255. //
  257. typedef struct _SCE_ERROR_LOG_INFO{
  258. PWSTR buffer;
  259. DWORD rc;
  260. struct _SCE_ERROR_LOG_INFO *next;
  261. } SCE_ERROR_LOG_INFO, *PSCE_ERROR_LOG_INFO;
  263. //
  264. // The privileges/rights each user/group holds are saved into a INT field -
  265. // PrivilegeRights. The first bit in this field is the first right defined
  266. // in the SCE_Privileges array as above. The second bit is the second right
  267. // defined in that array, and so on.
  268. //
  269. #define cPrivCnt 39
  270. #define cPrivW2k 34
  272. typedef struct _SCE_PRIVILEGE_ASSIGNMENT {
  273. PWSTR Name;
  274. DWORD Value;
  275. // This value could be translated by SceLookupPrivByValue
  276. // The reason we define another set of privilege values is
  277. // we include both privilege and user rights into one set
  278. // (user rights do not have priv value on NT system).
  279. PSCE_NAME_LIST AssignedTo;
  280. // SCE_STATUS_GOOD
  281. // SCE_STATUS_MISMATCH
  282. // SCE_STATUS_NOT_CONFIGURED
  283. // SCE_DELETE_VALUE indicates that this priv is deleted from local table
  284. DWORD Status;
  285. struct _SCE_PRIVILEGE_ASSIGNMENT *Next;
  286. } SCE_PRIVILEGE_ASSIGNMENT, *PSCE_PRIVILEGE_ASSIGNMENT;
  288. //
  289. // A list of log on hours range
  290. //
  292. typedef struct _SCE_LOGON_HOUR {
  293. DWORD Start;
  294. DWORD End;
  295. struct _SCE_LOGON_HOUR *Next;
  296. }SCE_LOGON_HOUR, *PSCE_LOGON_HOUR;
  298. //
  299. // A list of names (e.g., users, groups, machines, and etc)
  300. // with a status (e.g., disabled )
  301. //
  303. typedef struct _SCE_NAME_STATUS_LIST {
  304. PWSTR Name;
  305. DWORD Status;
  306. struct _SCE_NAME_STATUS_LIST *Next;
  307. }SCE_NAME_STATUS_LIST, *PSCE_NAME_STATUS_LIST;
  309. //
  310. // Structure definition for service list (service dll)
  311. //
  314. #define SCE_STARTUP_BOOT 0x00
  315. #define SCE_STARTUP_SYSTEM 0x01
  316. #define SCE_STARTUP_AUTOMATIC 0x02
  317. #define SCE_STARTUP_MANUAL 0x03
  318. #define SCE_STARTUP_DISABLED 0x04
  320. typedef struct _SCE_SERVICES_ {
  321. PWSTR ServiceName;
  322. PWSTR DisplayName;
  324. BYTE Status;
  325. BYTE Startup;
  327. union {
  329. PSECURITY_DESCRIPTOR pSecurityDescriptor;
  330. PWSTR ServiceEngineName;
  332. } General;
  334. SECURITY_INFORMATION SeInfo;
  336. struct _SCE_SERVICES_ *Next;
  338. }SCE_SERVICES, *PSCE_SERVICES;
  340. //
  341. // Group memberships
  342. //
  344. #define SCE_GROUP_STATUS_MEMBERS_MISMATCH 0x01
  345. #define SCE_GROUP_STATUS_MEMBEROF_MISMATCH 0x02
  346. #define SCE_GROUP_STATUS_NC_MEMBERS 0x04
  347. #define SCE_GROUP_STATUS_NC_MEMBEROF 0x08
  348. #define SCE_GROUP_STATUS_NOT_ANALYZED 0x10
  349. #define SCE_GROUP_STATUS_ERROR_ANALYZED 0x20
  352. typedef struct _SCE_GROUP_MEMBERSHIP {
  353. PWSTR GroupName;
  354. PSCE_NAME_LIST pMembers;
  355. PSCE_NAME_LIST pMemberOf;
  357. DWORD Status;
  358. //
  359. // pPrivilegesHeld is for analysis only.
  360. // The format of each entry in this list is:
  361. // [PrivValue NULL] (directly assigned), or
  362. // [PrivValue Name] (via group "Name")
  363. // To configure privileges, use AREA_PRIVILEGES area
  364. //
  365. // This PrivValue could be translated by SceLookupPrivByValue
  366. // The reason we define another set of privilege values is
  367. // we include both privilege and user rights into one set
  368. // (user rights do not have priv value on NT system).
  369. PSCE_NAME_STATUS_LIST pPrivilegesHeld;
  370. struct _SCE_GROUP_MEMBERSHIP *Next;
  371. }SCE_GROUP_MEMBERSHIP, *PSCE_GROUP_MEMBERSHIP;
  373. //
  374. // Definition of Registry and file security
  375. //
  377. typedef struct _SCE_OBJECT_SECURITY {
  378. PWSTR Name;
  379. BYTE Status;
  380. BOOL IsContainer;
  381. PSECURITY_DESCRIPTOR pSecurityDescriptor;
  382. SECURITY_INFORMATION SeInfo;
  383. // PWSTR SDspec;
  384. // DWORD SDsize;
  385. }SCE_OBJECT_SECURITY, *PSCE_OBJECT_SECURITY;
  387. //
  388. // A list of objects (e.g., files, registry keys, and etc)
  389. //
  391. typedef struct _SCE_OBJECT_LIST {
  392. PWSTR Name;
  393. BYTE Status;
  394. // Status could be the status (mismatched/unknown) of the object
  395. // or, it could be a flag to ignore/check this ojbect
  396. //
  397. BOOL IsContainer;
  398. DWORD Count;
  399. // Total count of mismatched/unknown objects under this object
  400. struct _SCE_OBJECT_LIST *Next;
  401. }SCE_OBJECT_LIST, *PSCE_OBJECT_LIST;
  403. typedef struct _SCE_OBJECT_ARRAY_ {
  405. DWORD Count;
  406. PSCE_OBJECT_SECURITY *pObjectArray;
  408. } SCE_OBJECT_ARRAY, *PSCE_OBJECT_ARRAY;
  410. typedef union _SCE_OBJECTS_ {
  411. // for Jet databases
  412. PSCE_OBJECT_LIST pOneLevel;
  413. // for Inf files
  414. PSCE_OBJECT_ARRAY pAllNodes;
  415. } SCE_OBJECTS, *PSCE_OBJECTS;
  417. typedef struct _SCE_OBJECT_CHILDREN_NODE {
  419. PWSTR Name;
  420. BYTE Status;
  421. BOOL IsContainer;
  422. DWORD Count;
  424. } SCE_OBJECT_CHILDREN_NODE, *PSCE_OBJECT_CHILDREN_NODE;
  426. typedef struct _SCE_OBJECT_CHILDREN {
  428. DWORD nCount;
  429. DWORD MaxCount;
  430. PSCE_OBJECT_CHILDREN_NODE arrObject;
  432. } SCE_OBJECT_CHILDREN, *PSCE_OBJECT_CHILDREN;
  434. typedef struct _SCE_KERBEROS_TICKET_INFO_ {
  435. DWORD MaxTicketAge; // in hours (default 10), SCE_NO_VALUE, SCE_FOREVER_VALUE, no 0
  437. DWORD MaxRenewAge; // in days (default 7), SCE_NO_VALUE, SCE_FOREVER_VALUE, no 0
  439. DWORD MaxServiceAge; // in minutes (default 60), SCE_NO_VALUE, 10-MaxTicketAge
  440. DWORD MaxClockSkew; // in minutes (default 5), SCE_NO_VALUE
  442. // options
  443. DWORD TicketValidateClient; // 0, 1, or SCE_NO_VALUE
  445. //
  446. // all other options are not configurable.
  447. //
  449. } SCE_KERBEROS_TICKET_INFO, *PSCE_KERBEROS_TICKET_INFO;
  451. typedef struct _SCE_REGISTRY_VALUE_INFO_ {
  452. LPTSTR FullValueName;
  453. LPTSTR Value;
  454. DWORD ValueType;
  455. DWORD Status; // match, mismatch, not analyzed, error
  457. } SCE_REGISTRY_VALUE_INFO, *PSCE_REGISTRY_VALUE_INFO;
  459. //
  460. // Profile structure
  461. //
  462. typedef struct _SCE_PROFILE_INFO {
  464. // Type is used to free the structure by SceFreeMemory
  465. SCETYPE Type;
  466. //
  467. // Area: System access
  468. //
  469. DWORD MinimumPasswordAge;
  470. DWORD MaximumPasswordAge;
  471. DWORD MinimumPasswordLength;
  472. DWORD PasswordComplexity;
  473. DWORD PasswordHistorySize;
  474. DWORD LockoutBadCount;
  475. DWORD ResetLockoutCount;
  476. DWORD LockoutDuration;
  477. DWORD RequireLogonToChangePassword;
  478. DWORD ForceLogoffWhenHourExpire;
  479. PWSTR NewAdministratorName;
  480. PWSTR NewGuestName;
  481. DWORD SecureSystemPartition;
  482. DWORD ClearTextPassword;
  483. DWORD LSAAnonymousNameLookup;
  484. union {
  485. struct {
  486. // Area : user settings (scp)
  487. PSCE_NAME_LIST pAccountProfiles;
  488. // Area: privileges
  489. // Name field is the user/group name, Status field is the privilege(s)
  490. // assigned to the user/group
  491. union {
  492. // PSCE_NAME_STATUS_LIST pPrivilegeAssignedTo;
  493. PSCE_PRIVILEGE_VALUE_LIST pPrivilegeAssignedTo;
  494. PSCE_PRIVILEGE_ASSIGNMENT pInfPrivilegeAssignedTo;
  495. } u;
  496. } scp;
  497. struct {
  498. // Area: user settings (sap)
  499. PSCE_NAME_LIST pUserList;
  500. // Area: privileges
  501. PSCE_PRIVILEGE_ASSIGNMENT pPrivilegeAssignedTo;
  502. } sap;
  503. struct {
  504. // Area: user settings (smp)
  505. PSCE_NAME_LIST pUserList;
  506. // Area: privileges
  507. // See sap structure for pPrivilegeAssignedTo
  508. PSCE_PRIVILEGE_ASSIGNMENT pPrivilegeAssignedTo;
  509. } smp;
  510. } OtherInfo;
  512. // Area: group membership
  513. PSCE_GROUP_MEMBERSHIP pGroupMembership;
  515. // Area: Registry
  516. SCE_OBJECTS pRegistryKeys;
  518. // Area: System Services
  519. PSCE_SERVICES pServices;
  521. // System storage
  522. SCE_OBJECTS pFiles;
  523. //
  524. // ds object
  525. //
  526. SCE_OBJECTS pDsObjects;
  527. //
  528. // kerberos policy settings
  529. //
  530. PSCE_KERBEROS_TICKET_INFO pKerberosInfo;
  531. //
  532. // System audit 0-system 1-security 2-application
  533. //
  534. DWORD MaximumLogSize[3];
  535. DWORD AuditLogRetentionPeriod[3];
  536. DWORD RetentionDays[3];
  537. DWORD RestrictGuestAccess[3];
  538. DWORD AuditSystemEvents;
  539. DWORD AuditLogonEvents;
  540. DWORD AuditObjectAccess;
  541. DWORD AuditPrivilegeUse;
  542. DWORD AuditPolicyChange;
  543. DWORD AuditAccountManage;
  544. DWORD AuditProcessTracking;
  545. DWORD AuditDSAccess;
  546. DWORD AuditAccountLogon;
  547. DWORD CrashOnAuditFull;
  549. //
  550. // registry values
  551. //
  552. DWORD RegValueCount;
  553. PSCE_REGISTRY_VALUE_INFO aRegValues;
  554. DWORD EnableAdminAccount;
  555. DWORD EnableGuestAccount;
  557. }SCE_PROFILE_INFO, *PSCE_PROFILE_INFO;
  559. //
  560. // The definition for security user profile which is used to assign common
  561. // user settings to a group of users/groups in the security manager.
  562. //
  564. typedef struct _SCE_USER_PROFILE {
  565. SCETYPE Type;
  566. // Type is used to free the structure by SceFreeMemory
  567. DWORD ForcePasswordChange;
  568. DWORD DisallowPasswordChange;
  569. DWORD NeverExpirePassword;
  570. DWORD AccountDisabled;
  571. PWSTR UserProfile;
  572. PWSTR LogonScript;
  573. PWSTR HomeDir;
  574. PSCE_LOGON_HOUR pLogonHours;
  575. UNICODE_STRING pWorkstations;
  576. PSCE_NAME_LIST pGroupsBelongsTo;
  577. PSCE_NAME_LIST pAssignToUsers;
  578. PSECURITY_DESCRIPTOR pHomeDirSecurity;
  579. SECURITY_INFORMATION HomeSeInfo;
  580. PSECURITY_DESCRIPTOR pTempDirSecurity;
  581. SECURITY_INFORMATION TempSeInfo;
  582. } SCE_USER_PROFILE, *PSCE_USER_PROFILE;
  584. //
  585. // The definition for each user's setting
  586. //
  588. typedef struct _SCE_USER_SETTING {
  589. SCETYPE Type;
  590. // Type is used to free the structure by SceFreeMemory
  591. DWORD ForcePasswordChange;
  592. DWORD DisallowPasswordChange;
  593. DWORD NeverExpirePassword;
  594. DWORD AccountDisabled;
  595. PSCE_NAME_LIST pGroupsBelongsTo;
  596. PWSTR UserProfile;
  597. PSECURITY_DESCRIPTOR pProfileSecurity;
  598. PWSTR LogonScript;
  599. PSECURITY_DESCRIPTOR pLogonScriptSecurity;
  600. PWSTR HomeDir;
  601. PSECURITY_DESCRIPTOR pHomeDirSecurity;
  602. SECURITY_INFORMATION HomeDirSeInfo;
  603. PWSTR TempDir;
  604. PSECURITY_DESCRIPTOR pTempDirSecurity;
  605. SECURITY_INFORMATION TempDirSeInfo;
  606. PSCE_LOGON_HOUR pLogonHours;
  607. UNICODE_STRING pWorkstations;
  608. PSCE_NAME_STATUS_LIST pPrivilegesHeld;
  609. DWORD BadPasswordAttempt;
  610. } SCE_USER_SETTING, *PSCE_USER_SETTING;
  613. //
  614. // prototypes defined in sceclnt.cpp
  615. //
  617. SCESTATUS
  618. WINAPI
  619. SceGetSecurityProfileInfo(
  620. IN PVOID hProfile OPTIONAL,
  621. IN SCETYPE ProfileType,
  622. IN AREA_INFORMATION Area,
  623. IN OUT PSCE_PROFILE_INFO *ppInfoBuffer,
  624. OUT PSCE_ERROR_LOG_INFO *Errlog OPTIONAL
  625. );
  627. SCESTATUS
  628. WINAPI
  629. SceGetObjectChildren(
  630. IN PVOID hProfile,
  631. IN SCETYPE ProfileType,
  632. IN AREA_INFORMATION Area,
  633. IN PWSTR ObjectPrefix,
  634. OUT PSCE_OBJECT_CHILDREN *Buffer,
  635. OUT PSCE_ERROR_LOG_INFO *Errlog OPTIONAL
  636. );
  638. SCESTATUS
  639. WINAPI
  640. SceOpenProfile(
  641. IN PCWSTR ProfileName,
  642. IN SCE_FORMAT_TYPE ProfileFormat,
  643. OUT PVOID *hProfile
  644. );
  646. SCESTATUS
  647. WINAPI
  648. SceCloseProfile(
  649. IN PVOID *hProfile
  650. );
  652. SCESTATUS
  653. WINAPI
  654. SceGetScpProfileDescription(
  655. IN PVOID hProfile,
  656. OUT PWSTR *Description
  657. );
  659. SCESTATUS
  660. WINAPI
  661. SceGetTimeStamp(
  662. IN PVOID hProfile,
  663. OUT PWSTR *ConfigTimeStamp,
  664. OUT PWSTR *AnalyzeTimeStamp
  665. );
  667. SCESTATUS
  668. WINAPI
  669. SceGetDbTime(
  670. IN PVOID hProfile,
  671. OUT SYSTEMTIME *ConfigTime,
  672. OUT SYSTEMTIME *AnalyzeTime
  673. );
  675. SCESTATUS
  676. WINAPI
  677. SceGetObjectSecurity(
  678. IN PVOID hProfile,
  679. IN SCETYPE ProfileType,
  680. IN AREA_INFORMATION Area,
  681. IN PWSTR ObjectName,
  682. OUT PSCE_OBJECT_SECURITY *ObjSecurity
  683. );
  685. SCESTATUS
  686. WINAPI
  687. SceGetAnalysisAreaSummary(
  688. IN PVOID hProfile,
  689. IN AREA_INFORMATION Area,
  690. OUT PDWORD pCount
  691. );
  693. SCESTATUS
  694. WINAPI
  695. SceCopyBaseProfile(
  696. IN PVOID hProfile,
  697. IN SCETYPE ProfileType,
  698. IN PWSTR InfFileName,
  699. IN AREA_INFORMATION Area,
  700. OUT PSCE_ERROR_LOG_INFO *pErrlog OPTIONAL
  701. );
  704. #define SCE_OVERWRITE_DB 0x01L
  705. #define SCE_UPDATE_DB 0x02L
  706. #define SCE_CALLBACK_DELTA 0x04L
  707. #define SCE_CALLBACK_TOTAL 0x08L
  708. #define SCE_VERBOSE_LOG 0x10L
  709. #define SCE_DISABLE_LOG 0x20L
  710. #define SCE_NO_CONFIG 0x40L
  711. #define SCE_DEBUG_LOG 0x80L
  713. typedef
  714. BOOL(CALLBACK *PSCE_AREA_CALLBACK_ROUTINE)(
  715. IN HANDLE CallbackHandle,
  716. IN AREA_INFORMATION Area,
  717. IN DWORD TotalTicks,
  718. IN DWORD CurrentTicks
  719. );
  721. typedef
  722. BOOL(CALLBACK *PSCE_BROWSE_CALLBACK_ROUTINE)(
  723. IN LONG GpoID,
  724. IN PWSTR KeyName OPTIONAL,
  725. IN PWSTR GpoName OPTIONAL,
  726. IN PWSTR Value OPTIONAL,
  727. IN DWORD Len
  728. );
  730. SCESTATUS
  731. WINAPI
  732. SceConfigureSystem(
  733. IN LPTSTR SystemName OPTIONAL,
  734. IN PCWSTR InfFileName OPTIONAL,
  735. IN PCWSTR DatabaseName,
  736. IN PCWSTR LogFileName OPTIONAL,
  737. IN DWORD ConfigOptions,
  738. IN AREA_INFORMATION Area,
  739. IN PSCE_AREA_CALLBACK_ROUTINE pCallback OPTIONAL,
  740. IN HANDLE hCallbackWnd OPTIONAL,
  741. OUT PDWORD pdWarning OPTIONAL
  742. );
  744. SCESTATUS
  745. WINAPI
  746. SceAnalyzeSystem(
  747. IN LPTSTR SystemName OPTIONAL,
  748. IN PCWSTR InfFileName OPTIONAL,
  749. IN PCWSTR DatabaseName,
  750. IN PCWSTR LogFileName OPTIONAL,
  751. IN DWORD AnalyzeOptions,
  752. IN AREA_INFORMATION Area,
  753. IN PSCE_AREA_CALLBACK_ROUTINE pCallback OPTIONAL,
  754. IN HANDLE hCallbackWnd OPTIONAL,
  755. OUT PDWORD pdWarning OPTIONAL
  756. );
  758. SCESTATUS
  759. WINAPI
  760. SceGenerateRollback(
  761. IN LPTSTR SystemName OPTIONAL,
  762. IN PCWSTR InfFileName,
  763. IN PCWSTR InfRollback,
  764. IN PCWSTR LogFileName OPTIONAL,
  765. IN DWORD Options,
  766. IN AREA_INFORMATION Area,
  767. OUT PDWORD pdWarning OPTIONAL
  768. );
  770. #define SCE_UPDATE_LOCAL_POLICY 0x1L
  771. #define SCE_UPDATE_DIRTY_ONLY 0x2L
  772. #define SCE_UPDATE_SYSTEM 0x4L
  774. SCESTATUS
  775. WINAPI
  776. SceUpdateSecurityProfile(
  777. IN PVOID hProfile OPTIONAL,
  778. IN AREA_INFORMATION Area,
  779. IN PSCE_PROFILE_INFO pInfo,
  780. IN DWORD dwMode
  781. );
  783. SCESTATUS
  784. WINAPI
  785. SceUpdateObjectInfo(
  786. IN PVOID hProfile,
  787. IN AREA_INFORMATION Area,
  788. IN PWSTR ObjectName,
  789. IN DWORD NameLen, // number of characters
  790. IN BYTE ConfigStatus,
  791. IN BOOL IsContainer,
  792. IN PSECURITY_DESCRIPTOR pSD,
  793. IN SECURITY_INFORMATION SeInfo,
  794. OUT PBYTE pAnalysisStatus
  795. );
  797. SCESTATUS
  798. WINAPI
  799. SceStartTransaction(
  800. IN PVOID cxtProfile
  801. );
  803. SCESTATUS
  804. WINAPI
  805. SceCommitTransaction(
  806. IN PVOID cxtProfile
  807. );
  809. SCESTATUS
  810. WINAPI
  811. SceRollbackTransaction(
  812. IN PVOID cxtProfile
  813. );
  815. typedef enum _SCE_SERVER_TYPE_ {
  817. SCESVR_UNKNOWN = 0,
  818. SCESVR_DC_WITH_DS,
  819. SCESVR_DC,
  820. SCESVR_NT5_SERVER,
  821. SCESVR_NT4_SERVER,
  822. SCESVR_NT5_WKS,
  823. SCESVR_NT4_WKS
  825. } SCE_SERVER_TYPE, *PSCE_SERVER_TYPE;
  827. SCESTATUS
  828. WINAPI
  829. SceGetServerProductType(
  830. IN LPTSTR SystemName OPTIONAL,
  831. OUT PSCE_SERVER_TYPE pServerType
  832. );
  834. SCESTATUS
  835. WINAPI
  836. SceLookupPrivRightName(
  837. IN INT Priv,
  838. OUT PWSTR Name,
  839. OUT PINT NameLen
  840. );
  842. SCESTATUS
  843. WINAPI
  844. SceSvcUpdateInfo(
  845. IN PVOID hProfile,
  846. IN PCWSTR ServiceName,
  847. IN PSCESVC_CONFIGURATION_INFO Info
  848. );
  850. //
  851. // prototype defined in infget.c
  852. //
  854. SCESTATUS
  855. WINAPI
  856. SceSvcGetInformationTemplate(
  857. IN LPCTSTR TemplateName,
  858. IN LPCTSTR ServiceName,
  859. IN LPCTSTR Key OPTIONAL,
  860. OUT PSCESVC_CONFIGURATION_INFO *ServiceInfo
  861. );
  863. //
  864. // prototypes defined in infwrite.c
  865. //
  866. SCESTATUS
  867. WINAPI
  868. SceWriteSecurityProfileInfo(
  869. IN PCWSTR InfProfileName,
  870. IN AREA_INFORMATION Area,
  871. IN PSCE_PROFILE_INFO ppInfoBuffer,
  872. OUT PSCE_ERROR_LOG_INFO *Errlog OPTIONAL
  873. );
  875. SCESTATUS
  876. WINAPI
  877. SceAppendSecurityProfileInfo(
  878. IN PCWSTR InfProfileName,
  879. IN AREA_INFORMATION Area,
  880. IN PSCE_PROFILE_INFO ppInfoBuffer,
  881. OUT PSCE_ERROR_LOG_INFO *Errlog OPTIONAL
  882. );
  884. SCESTATUS
  885. WINAPI
  886. SceSvcSetInformationTemplate(
  887. IN LPCTSTR TemplateName,
  888. IN LPCTSTR ServiceName,
  889. IN BOOL bExact,
  890. IN PSCESVC_CONFIGURATION_INFO ServiceInfo
  891. );
  893. //
  894. // prototypes defined in common.cpp
  895. //
  897. SCESTATUS
  898. WINAPI
  899. SceFreeMemory(
  900. IN PVOID smInfo,
  901. IN DWORD Category
  902. );
  904. BOOL
  905. WINAPI
  906. SceCompareNameList(
  907. IN PSCE_NAME_LIST pList1,
  908. IN PSCE_NAME_LIST pList2
  909. );
  911. SCESTATUS
  912. WINAPI
  913. SceCompareSecurityDescriptors(
  914. IN AREA_INFORMATION Area,
  915. IN PSECURITY_DESCRIPTOR pSD1,
  916. IN PSECURITY_DESCRIPTOR pSD2,
  917. IN SECURITY_INFORMATION SeInfo,
  918. OUT PBOOL IsDifferent
  919. );
  921. SCESTATUS
  922. WINAPI
  923. SceCreateDirectory(
  924. IN PCWSTR ProfileLocation,
  925. IN BOOL FileOrDir,
  926. PSECURITY_DESCRIPTOR pSecurityDescriptor
  927. );
  929. SCESTATUS
  930. WINAPI
  931. SceFreeProfileMemory(
  932. PSCE_PROFILE_INFO pProfile
  933. );
  935. SCESTATUS
  936. WINAPI
  937. SceAddToNameStatusList(
  938. IN OUT PSCE_NAME_STATUS_LIST *pNameStatusList,
  939. IN PWSTR Name,
  940. IN ULONG Len,
  941. IN DWORD Status
  942. );
  944. SCESTATUS
  945. WINAPI
  946. SceAddToNameList(
  947. IN OUT PSCE_NAME_LIST *pNameList,
  948. IN PWSTR Name,
  949. IN ULONG Len
  950. );
  952. #define SCE_CHECK_DUP 0x01
  953. #define SCE_INCREASE_COUNT 0x02
  955. SCESTATUS
  956. WINAPI
  957. SceAddToObjectList(
  958. IN OUT PSCE_OBJECT_LIST *pObjectList,
  959. IN PWSTR Name,
  960. IN ULONG Len,
  961. IN BOOL IsContainer,
  962. IN BYTE Status,
  963. IN BYTE byFlags
  964. );
  966. DWORD
  967. WINAPI
  968. SceEnumerateServices(
  969. OUT PSCE_SERVICES *pServiceList,
  970. IN BOOL bServiceNameOnly
  971. );
  973. DWORD
  974. WINAPI
  975. SceSetupGenerateTemplate(
  976. IN LPTSTR SystemName OPTIONAL,
  977. IN LPTSTR JetDbName OPTIONAL,
  978. IN BOOL bFromMergedTable,
  979. IN LPTSTR InfTemplateName,
  980. IN LPTSTR LogFileName OPTIONAL,
  981. IN AREA_INFORMATION Area
  982. );
  985. #define SCE_REG_DISPLAY_NAME TEXT("DisplayName")
  986. #define SCE_REG_DISPLAY_TYPE TEXT("DisplayType")
  987. #define SCE_REG_VALUE_TYPE TEXT("ValueType")
  988. #define SCE_REG_DISPLAY_UNIT TEXT("DisplayUnit")
  989. #define SCE_REG_DISPLAY_CHOICES TEXT("DisplayChoices")
  990. #define SCE_REG_DISPLAY_FLAGLIST TEXT("DisplayFlags")
  992. #define SCE_REG_DISPLAY_ENABLE 0
  993. #define SCE_REG_DISPLAY_NUMBER 1
  994. #define SCE_REG_DISPLAY_STRING 2
  995. #define SCE_REG_DISPLAY_CHOICE 3
  996. #define SCE_REG_DISPLAY_MULTISZ 4
  997. #define SCE_REG_DISPLAY_FLAGS 5
  999. DWORD
  1000. WINAPI
  1001. SceRegisterRegValues(
  1002. IN LPTSTR InfFileName
  1003. );
  1005. //
  1006. // for service attachments
  1007. //
  1009. SCESTATUS
  1010. WINAPI
  1011. SceSvcQueryInfo(
  1012. IN SCE_HANDLE sceHandle,
  1013. IN SCESVC_INFO_TYPE sceType,
  1014. IN LPTSTR lpPrefix OPTIONAL,
  1015. IN BOOL bExact,
  1016. OUT PVOID *ppvInfo,
  1017. OUT PSCE_ENUMERATION_CONTEXT psceEnumHandle
  1018. );
  1020. SCESTATUS
  1021. WINAPI
  1022. SceSvcSetInfo(
  1023. IN SCE_HANDLE sceHandle,
  1024. IN SCESVC_INFO_TYPE sceType,
  1025. IN LPTSTR lpPrefix OPTIONAL,
  1026. IN BOOL bExact,
  1027. IN PVOID pvInfo
  1028. );
  1030. SCESTATUS
  1031. WINAPI
  1032. SceSvcFree(
  1033. IN PVOID pvServiceInfo
  1034. );
  1036. SCESTATUS
  1037. WINAPI
  1038. SceSvcConvertTextToSD (
  1039. IN PWSTR pwszTextSD,
  1040. OUT PSECURITY_DESCRIPTOR *ppSD,
  1041. OUT PULONG pulSDSize,
  1042. OUT PSECURITY_INFORMATION psiSeInfo
  1043. );
  1045. SCESTATUS
  1046. WINAPI
  1047. SceSvcConvertSDToText (
  1048. IN PSECURITY_DESCRIPTOR pSD,
  1049. IN SECURITY_INFORMATION siSecurityInfo,
  1050. OUT PWSTR *ppwszTextSD,
  1051. OUT PULONG pulTextSize
  1052. );
  1054. //
  1055. // check service.cpp if the following constants are changed because
  1056. // it has a buffer length dependency
  1057. //
  1058. #define SCE_ROOT_POLICY_PATH \
  1059. SCE_ROOT_PATH TEXT("\\Policies")
  1060. #define SCE_ROOT_REGVALUE_PATH \
  1061. SCE_ROOT_PATH TEXT("\\Reg Values")
  1063. // define for GPT integration
  1064. #define GPTSCE_PATH TEXT("Software\\Policies\\Microsoft\\Windows NT\\SecEdit")
  1065. #define GPTSCE_PERIOD_NAME TEXT("ConfigurePeriod")
  1066. #define GPTSCE_TEMPLATE TEXT("Microsoft\\Windows NT\\SecEdit\\GptTmpl.inf")
  1068. AREA_INFORMATION
  1069. SceGetAreas(
  1070. LPTSTR InfName
  1071. );
  1073. BOOL
  1074. SceIsSystemDatabase(
  1075. IN LPCTSTR DatabaseName
  1076. );
  1078. SCESTATUS
  1079. SceBrowseDatabaseTable(
  1080. IN PWSTR DatabaseName OPTIONAL,
  1081. IN SCETYPE ProfileType,
  1082. IN AREA_INFORMATION Area,
  1083. IN BOOL bDomainPolicyOnly,
  1084. IN PSCE_BROWSE_CALLBACK_ROUTINE pCallback OPTIONAL
  1085. );
  1087. SCESTATUS
  1088. WINAPI
  1089. SceGetDatabaseSetting(
  1090. IN PVOID hProfile,
  1091. IN SCETYPE ProfileType,
  1092. IN PWSTR SectionName,
  1093. IN PWSTR KeyName,
  1094. OUT PWSTR *Value,
  1095. OUT DWORD *pnBytes OPTIONAL
  1096. );
  1098. SCESTATUS
  1099. WINAPI
  1100. SceSetDatabaseSetting(
  1101. IN PVOID hProfile,
  1102. IN SCETYPE ProfileType,
  1103. IN PWSTR SectionName,
  1104. IN PWSTR KeyName,
  1105. IN PWSTR Value OPTIONAL,
  1106. IN DWORD nBytes
  1107. );
  1109. #ifdef __cplusplus
  1110. }
  1111. #endif
  1113. #endif